Paul.L.Snyder@gsk.com
2002-Jan-19 06:21 UTC
Rsync through proxy using HTTP Basic Authentication?
Is it possible to rsync through a firewall that requires HTTP basic authentication? The RSYNC_PROXY variable seems to correctly direct the request to go through the HTTP proxy server on the firewall, but there's no way to specify a username/password combo. The error message reported by rsync is "bad response from proxy - HTTP/1.1 401 Authentication required", which is not unexpected, under the circumstances. If I'm reading the manual correctly, the USER and RSYNC_PASSWD environment variables only affect rsync's authentication to the remote rsync server. With many apps, you'd specify http_proxy_user and http_proxy_pass in your environment, but this doesn't seem to work with rsync. (The fact that it's not mentioned in the manual made this a thin hope, anyway). If there's absolutely no way to do this using rsync alone, does anyone know of a simple HTTP proxy program that could be configured to perform the authentication on its own? That is to say: one could run this proxy on the local machine, configured to listen to only local requests. RSYNC_PROXY would then be pointed to this local proxy. When an rsync is initiated, the local proxy would pass the request to the firewall, and respond to the firewall's 401 with the correct user/password combo, with rsync none the wiser. Any ideas will be gratefully received. Thanks, Paul
On Fri, Jan 18, 2002 at 02:21:53PM -0500, Paul.L.Snyder@gsk.com wrote:> Is it possible to rsync through a firewall that requires HTTP basic > authentication? The RSYNC_PROXY variable seems to correctly direct the > request to go through the HTTP proxy server on the firewall, but there's no > way to specify a username/password combo. The error message reported by > rsync is "bad response from proxy - HTTP/1.1 401 Authentication required", > which is not unexpected, under the circumstances. > > If I'm reading the manual correctly, the USER and RSYNC_PASSWD environment > variables only affect rsync's authentication to the remote rsync server. > > With many apps, you'd specify http_proxy_user and http_proxy_pass in your > environment, but this doesn't seem to work with rsync. (The fact that it's > not mentioned in the manual made this a thin hope, anyway). > > If there's absolutely no way to do this using rsync alone, does anyone know > of a simple HTTP proxy program that could be configured to perform the > authentication on its own? That is to say: one could run this proxy on the > local machine, configured to listen to only local requests. RSYNC_PROXY > would then be pointed to this local proxy. When an rsync is initiated, the > local proxy would pass the request to the firewall, and respond to the > firewall's 401 with the correct user/password combo, with rsync none the > wiser. > > Any ideas will be gratefully received.Wow, I didn't know that rsync supported the RSYNC_PROXY. It's such a simple addition to add the Basic authentication though it should be quite easy for you or somebody to come up with a patch, and it wouldn't be a burden for it to be added to the official rsync. It just needs an addition a http header of Proxy-Authorization: Basic NNNNNN where NNNNNN is a base64 encoding of "username:password". Coincidentally or not, rsync already has a base64_encode() function. - Dave